AZ-2001: Implement security through a pipeline using Azure DevOps

Course Prerequisites

• Familiarity with DevOps practices and tools, especially Azure DevOps.
• Basic knowledge of version control systems like Git.
• Understanding of CI/CD principles and concepts.
• Some familiarity with security best practices and tools used in cloud environments.
• Basic experience with Azure services and the Azure portal.
• While prior experience in security engineering is not required, understanding of general security concepts will be beneficial.

Learning Objectives

By the end of the AZ-2001: Implement Security through a Pipeline using Azure DevOps course, you will be able to:

1. Set up Azure DevOps environments and configure pipelines for continuous integration and delivery with security integration.
2. Implement secure coding practices and automate security testing using tools such as SonarQube, WhiteSource, and OWASP Dependency-Check.
3. Integrate security checks into every stage of the DevOps pipeline using tools like Azure Security Center, Azure Key Vault, and Azure Policy.
4. Automate vulnerability scanning in your DevOps pipeline with Azure DevOps and third-party security tools to ensure compliance.
5. Implement container security by integrating Azure Container Registry (ACR) and Azure Kubernetes Service (AKS) into the pipeline for secure container image scanning.
6. Enforce access controls and manage secrets and keys securely with Azure Key Vault within DevOps workflows.
7. Ensure regulatory compliance and audit trails for DevOps projects by leveraging Azure Policy and compliance tools.
8. Integrate threat modeling and automated security testing during both the build and release pipeline stages.
9. Automate security monitoring and incident management by integrating Azure Monitor, Log Analytics, and Application Insights with the Azure DevOps pipeline.
10. Apply security best practices in a continuous delivery environment, ensuring that security vulnerabilities are identified and remediated in early stages of the software lifecycle.

Target Audience

This course is ideal for:

• DevOps engineers looking to integrate security into their CI/CD pipelines using Azure DevOps.
• Security professionals who want to learn about security automation and integration with DevOps processes.
• Cloud developers seeking to implement security practices during development and deployment in Azure DevOps.
• Azure professionals who want to understand how to integrate security into the end-to-end Azure DevOps pipeline.
• IT and system administrators who are involved in securing and managing Azure DevOps environments.